Let's encrypt + couchdb: getting ERR_CERT_AUTHORITY_INVALID

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://monxas.ninja:6984/_utils
I copied the generated and functioning let’s encrypt certificates of my apache webserver into a couchdb directory.

I edited the local.ini couchdb config file and linked the cert files like so:

cert_file = /home/pi/couchdb/certs/fullchain.pem
key_file = /home/pi/couchdb/certs/privkey.pem

It produced this output:

My web server is (include version):
apache2 but :6984 is running couchdb
The operating system my web server runs on is (include version):
raspbian buster

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

1 Like

Hello @monxas, Welcome back!
So I see you have created and are using a LE Certificate. Good Job.
But I don’t see a question here?

Rip

1 Like

Is that actually the URI to your CouchDB? I’m getting a CouchDB login screen, but I’m not familiar enough with CouchDB to actually know if it’s CouchDB directly or perhaps I’m connecting to an Apache reverse proxy or the sorts…

Reason why I’m asking is because I’m seeing a green lock without any TLS error whatsoever. I.e., “works for me”.

I’m thinking the “question” is hidden in the thread title. Actually not a question indeed, but I’m guessing he/she asks for help regarding the error mentioned, which I’m not able to reproduce.

2 Likes

Thanks. I do see the implication in the title.
But from my location I am not getting any errors from my browser.

https://monxas.ninja:6984/_utils/#login

Works fine (for me).

https://monxas.ninja/

Also works for me.

SSL Labs lists some cipher suite issues but fundamentally gives a thumbs up.

https://www.ssllabs.com/ssltest/analyze.html?d=monxas.ninja

1 Like

It also complains about you supporting TLS 1.0 and 1.1.

Go play here: https://ssl-config.mozilla.org/

1 Like

Thanks for replying. I’m finding some of the devices load the petitions no problem, and others don’t. My app is on https://monxas.com/tizzle. If the app loads AND there are images, it would be working as I expect; if they don’t, by opening the dev tools and network panel there will appear connections to https://monxas.ninja:6984/wines/ that are failing. Or you can straight up visit that endpoint. It might either show the error of the title or just an identification error, which is expected. You might be able to try from a different computer if it already worked normally for you; I’m finding 50% of devices failing.

Also, check for the validity of the certificate specifically for the 6984 port, for example here: https://www.geocerts.com/ssl-checker. If you check monxas.ninja:6984 there, it will show errors.

EDIT: Fixed!! I added the chain.pem to the cacert file path in the local.ini file and it works!

1 Like
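The per-port chain check mentioned in the last post can also be done locally. The following is an added example, not code from the thread: it parses the "Certificate chain" section printed by `openssl s_client -connect host:6984 -showcerts` and reports whether the server sent only the leaf certificate, which is how an incomplete chain appears there. The sample outputs and all names in them are constructed placeholders.

```python
import re

# Constructed samples in the layout `openssl s_client -showcerts` prints;
# the names are placeholders, not values from the thread.
LEAF_ONLY = """\
Certificate chain
 0 s:CN = db.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate
---
"""
WITH_CHAIN = """\
Certificate chain
 0 s:CN = db.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate
 1 s:C = XX, O = Example CA, CN = Example Intermediate
   i:C = XX, O = Example CA, CN = Example Root
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_chain, subject = [], False, None
    for line in text.splitlines():
        if line.startswith("Certificate chain"):
            in_chain = True
        elif in_chain and line.strip() == "---":  # section end, not a PEM header
            break
        elif in_chain:
            m = re.match(r"\s*\d+ s:(.*)", line)
            if m:
                subject = m.group(1).strip()
            m = re.match(r"\s+i:(.*)", line)
            if m and subject is not None:
                chain.append((subject, m.group(1).strip()))
                subject = None
    return chain

def diagnose(text):
    chain = parse_chain(text)
    if not chain:
        return "no certificates presented"
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "chain out of order or has a gap"
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf only: intermediate missing"
    return "ok: %d certificates, links consistent" % len(chain)

if __name__ == "__main__":
    for sample in (LEAF_ONLY, WITH_CHAIN):
        print(diagnose(sample))
```

A server that returns "leaf only" can still load in clients that already hold the intermediate or fetch it themselves, which fits a symptom that appears on only some devices.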
